Packet-based transmission of digitally encoded information between different parties over IP (Internet Protocol) networks is used for a variety of communication services, such as e-mail messaging, file transfers, Internet browsing, voice and video telephony, content streaming, games, and so forth. Digitally encoded information is arranged into data packets at a sending party which then transmits the packets towards a targeted receiving party over a transmission path. A data packet is basically configured with a data field containing payload data and a header field containing a destination address of the receiving party and a source address of the sending party.
Data packets may be communicated between various communication devices located within different local or private networks where each network employs a gateway for receiving packets to the devices from sources outside the network, and also for sending packets from the devices to destinations outside the network. The packets communicated between such devices in different local networks are then transported between the respective network gateways over a public IP network, such as the Internet.
In this description, the term “local network” is used to generally represent any network using internal private addressing and a gateway for external communication with parties outside the network. Other commonly used equivalent terms include “private network”, “residential network” and “home network”. Further, a “gateway” could be a residential gateway (RGW), an IP router or any other type of network entity capable of communicating data packets between a device within a local network and an entity outside the network. The term “device” is further used here to represent any terminal, computer, telephone or server capable of communicating data packets with other devices.
Since communication over public IP networks is generally deemed “unsafe” with respect to data protection and privacy, it is desirable to protect payload data and other sensitive information in the packets from illicit interception or manipulation. One way of overcoming this problem is to establish a VPN (Virtual Private Network) tunnel between the communicating parties over the public IP network.
A VPN can be seen basically as an encrypted tunnel through a public IP network, for transferring data packets between terminals and servers. VPNs are commonly used for secure communications through the public Internet. Various QoS (Quality of Service) parameters may be defined for a VPN to achieve expected behaviour between a VPN customer and a VPN service provider. Generally, a VPN may be established for two or more communication devices in a user community to provide a certain functionality that is in some respect relevant to that community.
As the popularity and usage of the Internet grows, it becomes increasingly desirable to extend private and local networks across the Internet as well. For example, many companies and enterprises having a local network establish their own VPNs to allow their employees to access the local network remotely.
A VPN can thus be seen as a logical and “distributed” local network running over a public network infrastructure. These networks make use of a range of technologies to obtain traffic privacy, traffic separation and QoS of the data. A VPN can be established over an intranet, the Internet or a service provider's network infrastructure. There are generally two basic types of VPN services available referred to as “Access VPNs” and “LAN (Local Area Network)-to-LAN VPNs”, the former being used for remote access and the latter when different local networks are interconnected to provide an intranet or extranet.
Devices within local networks typically use IP-addresses from a private address space, where such private IP addresses can be freely assigned to devices internally by a local administrator or the like. The used private IP-addresses are thus basically unknown to other users, unless explicitly told, and also to the Internet service provider providing public IP-addresses to subscribers.
Today, these private address spaces are generally re-used in multiple local networks, and therefore the private IP-addresses used by different local networks for their devices may overlap with each other, in particular the commonly used IPv4-based private address spaces. For example, the private IP address used by a device in one local network may be the same address as the one used by another device in another opposite local network, resulting in ambiguous addressing in communicated data packets. Due to such overlapping or re-used private address spaces and local assignment to devices, private IP addresses are effectively “unroutable” in the public Internet, and public IP addresses must therefore also be used in the packets since private IP addresses are not used for routing outside the local network domain.
A remaining problem is however that a packet sending device in one local network must include a private IP address of a receiving device in the opposite local network, which requires some suitable functionality at the sending device for proper identification of the receiving device. Furthermore, if dynamic address assignment is used for the devices within the local networks, the private IP address of a particular device will be changed from time to time. Thus, it could be rather difficult to maintain knowledge at the local devices of such address changes at the opposite network to provide a proper destination address in outgoing packets.